01/09/2018

Learning from 2017 for Better Cybersecurity in 2018

by Dave Wagner

2017 was a historic year for cyberattacks: The number of attacks, number of victims, and overall cost of cyberattacks were as high as ever. And while the evolving scope of this problem certainly is concerning, even more concerning is the shifting manner of attacks.

Instead of trying to steal the most data possible, hackers are increasingly focusing on specific high-value targets and are motivated by social or cultural disruption as much as profit.

The past year also revealed that the email inbox is both a vulnerable attack vector and subject to more sophisticated threats, such as business email compromise. The average inbox contains tons of sensitive information, and insecure mobile devices have become users’ primary access points. With up to 65 percent of the 100 emails users receive daily now considered “antagonistic,” hackers are constantly developing newer and smarter schemes that are even harder to detect.

If companies want to make 2018 any different from 2017, they need to be realistic about and prepared for this dynamic threat landscape. Too often, insufficient cybersecurity solutions are put in place because organizations either believe that cybersecurity is too obstructive to their operations or because they rely on users to follow cybersecurity protocols. Instead, organizations should focus on practices that are both easy to implement and easy to use.

Make users a strength, not a weakness. As the most effective and inexpensive strategy available, employees are your first line of defense. Educate and train your staff how to identify potential threats and what to do if any suspicious messages appear in their inboxes.

Monitor messages to quarantine anything suspicious. Malicious messages that never hit your email can’t compromise your company. Filter out corrupted messages from known attackers or suspect URLs, then rely on machine learning to enhance your ability to detect and deflect those subtler and more sophisticated threats early on. As well, proactively analyzing suspicious messages allows them to be vetted by threat experts in a secure environment before being sent along to the intended recipient.

Implement email encryption. Adding to your layered defense, email encryption ensures that sensitive data is protected from hackers. Email encryption doesn’t have to be difficult or obtrusive. Relying on an encryption platform like ZixEncrypt that encrypts messages automatically (including ones on mobile devices) and simplifies the process for both senders and receivers makes the process not only effective, but also convenient.

Cyberthreats will only get worse in 2018, but the good news is that cyber defenses can be advanced, too. Sometimes, though, even the best strategy isn’t enough, so make sure that you develop a plan detailing how your organization will respond in the wake of a cyberattack to mitigate any damage. Those companies that will make it through tomorrow without a major incident are the ones that fortify both their solutions and their response plans today.